Published using Google Docs
20191213 Done Privacy Policy - English
Updated automatically every 5 minutes

Done Legal Info
Privacy Policy

Last updated on the 8th of April 2020.

Your privacy is what matters the most to us ! We also know that it is unlikely you will read the dozens of boring legal pages below.

While we, and our lawyers encourage you to read them, we also want to give you an easy and brief overview of things we believe are important to you, and the reason why we decided to request access to some data.

You can also read our Terms & conditions.

This document has 2 parts:

1. The zero bullshit straight forward easily understandable sum up,  


2. Privacy policy that our lawyers want us to present and you to read and agree.

Also it is important to know that, as soon as you have received the messages, we do not store them. In a will to protect your privacy, media files and documents you are sharing with your contacts through Done are by default stored on your devices only. We keep them available up to 30 days maximum.

You can also see our Privacy Policy in different languages:

Spanish - French

  1. The Zero Bullshit straight forward accessible version

What are the information we invite you to share with us, and why ?






Your Name

The name you enter for your profile

To be able for other user to know who you are

As long as you are a Doner

Your Mobile Phone

Your mobile phone number

To be able to uniquely identify who is using Done

As long as you are a Doner

Your list of contacts from your address books

Phone numbers, emails, contact names in your address book

To connect you with other Doners that you know

As long as you are a Doner

Your phone model

The Model of the phone and OS software version

To deliver to you the right version of the application

As long as you are a Doner

Your language

The set up language in your phone

To deliver you the version of Done with the right language

At your connection

Your country

The country register in your phone

To deliver you right version of Done

At your connection



Your free/busy time slots

To be able to easily offer available slots to people that want to set up a meeting / events with you

As long as you are a Doner, and gave access to the calendar

Calendar events

Events of your calendar

To sync the application with your calendar. Note that those data, as opposed to availabilities, are never disclosed to other users.

As long as you are a Doner, and gave access to the calendar

Emails of attendants

Emails of the person attending a meeting/event.

To track any invitation update on meeting /events you are participating in.

As long as you are a Doner, and gave access to the calendar


Media Files

Photo, video, voice recording

Share it with other selected Doners

we keep it up to 30 days.


Share it with other selected Doners

we keep it up to 30 days.

What we want you to be able to do easily

Privacy Policy

Let’s make things easy for you.

With Done, at any time you can :

- Have access to the data we have about you. It is today possible by a simple email to Very soon you will be able to do it by yourself from the Done’s application.

- Delete completely your account as you were never registered on our application.  It is today possible by a simple email to Very soon you will be able to do it by yourself from Done’s application.


  1. Definitions
  2. Collection of personal data
  3. Use of the personal data collected
  4. Personal data communicated by third parties
  5. Purpose(s) of the processing
  6. Security of personal data collected
  7. Retention period of the personal data collected
  8. Information and exercise of rights
  9. Protection of private life
  10. Cookies
  11. Charter update

DONE HUI, a company governed by French law with its registered office at 74, cours Aristide Briand 33000 Bordeaux and registered under no. 842644700 (hereinafter, the “Company”) undertakes, within the framework of its activities and in accordance with the legislation in force in France (Law no. 78-017 of 6 January 1978 relating to data Processing, to files and freedoms - known as the Data Protection Act- ) and in Europe (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such Data – GDPR - ), to ensure the protection, confidentiality and security of the Personal Data of persons benefiting from the services of the Company entities, and to respect their privacy.

In order to ensure their proper application, the Company has appointed a Personal Data protection officer (DPO), who is a key contact for the protection of Personal Data, both within the Company and in its relations with the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertes, la “CNIL”). For the French entities of the Company, a Data Protection Delegate has been appointed to the CNIL, whose contact is:

The Company has developed and markets an application called DONE (hereinafter, “the Application” or “DONE”), a multifunctional application (messaging, file sharing, calendar, task management, etc.) allowing better time and tasks organization and enabling collaborative work.

By accessing, downloading and/or using DONE, you acknowledge that you have read, understood and accepted, without limitation or reservation, this Charter. The purpose of the present Charter is to inform you of the rights and freedoms that you may assert with respect to the Company concerning the use of your Personal Data and describes the measures that the Company implements to protect same.


Personal Data: Personal Data is any information relating to an identified natural person or to a natural person who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to that person.

Processing of Personal Data: Processing of Personal Data is any operation or set of operations relating to such Data, regardless of the process used, and in particular the collection, recording, organization, storage, adaptation or modification, retrieval, consultation, use, communication by transmission, dissemination or any other form of making available, alignment or interconnection, as well as blocking, erasure or destruction.

Cookie: a Cookie is information deposited on the hard disk of an Internet user by the server of the website he visits. It contains several pieces of Data: the name of the server that deposited it, an identifier in the form of a unique number and possibly an expiry date. This information is sometimes stored on the computer in a simple text file that a server accesses to read and record information.


The Company shall refrain from collecting Personal Data without having notified the users of the Application. The Company collects this Data in order to provide the requested services to the users of the Application, to meet their needs and inform them of the use that is made of it.

The Company ensures the relevance of the Personal Data collected in order to better know the users of the Application.

The Company automatically collects certain information from DONE users relating to their actual use of the Application. The information automatically collected relates to:


The Company ensures the confidentiality of the Personal Data collected. The Company respects the principles of Personal Data protection as of the time of conception of services, sites and applications.

The Company uses the Personal Data of the persons concerned in order to authenticate them, provide them with the subscribed service and propose offers adapted to their needs.

The Company only communicates Personal Data to its authorized service providers/contractors and ensures that they comply with strict conditions of confidentiality, use and protection of this Personal Data.

The Company shall refrain from disclosing Personal Data to third parties without informing the persons concerned and undertakes to respect the right of opposition provided for in Article 21 of the General Regulations on Data Protection (GDPR).

The Company uses the Personal Data of the concerned persons, previously made anonymous in an irreversible manner, for the purposes of statistical studies.


The Company may receive user’s Personal Data from other users or companies. For example, when other users or companies who have exchanged information with another user use DONE, they may provide the Company with Personal Data about that user.

Companies with which a user exchanges information through DONE provide the Company with Personal Data arising from these interactions. However, where a company uses a third-party service to store Personal Data exchanged on DONE about a user, the terms of use and confidentiality of that third party govern the collection of the Personal Data.

The Company is working with third party vendors to develop the Application. These third-party vendors may provide the Company with user data in certain circumstances.

Where the services provided by the Company are used in conjunction with third-party services, the Company may receive Personal Data from them about users using such third-party services.


When you use the Application, you may provide us with specific Personal Data in order to make optimal use of the services offered by DONE. The purpose of the Processing of Personal Data is to ensure the proper functioning of DONE. The Personal Data collected concerns:

The Personal Data collected may also be used to prevent and fight against computer fraud (spamming, hacking, etc.), or to carry out optional satisfaction surveys on DONE services.

Your Personal Data will not be further processed in a manner incompatible with the purposes described above or in the collection forms. They are only kept for the time necessary to achieve these purposes.

Your Personal Data may be communicated to certain departments of the data processor, as well as to certain partners or sub-contractors for purposes of analysis and surveys.


If the user has specifically consented to Spread the word as proposed in the Application, DONE will conduct marketing campaigns to promote the Application towards user’s contacts.

These marketing campaigns are Facebook or LinkedIn ad campaigns that target user contacts email addresses and/or phone numbers. This promotion however does not apply to email addresses and/or phone numbers corresponding to users that have already registered to the Application.

Also, if the user has not disabled ad tracking, this promotion can be conducted through ad campaigns that make use of the user ad identifier, namely IDFA on iOS devices, or AAID on Android devices.

DONE users can opt-out any time using Application settings, section Privacy, Spread the word. Opting-out is effective immediately with the exception of ad campaigns that are already in progress. Ad campaigns we conduct never exceed fifteen (15) days.

You can find hereafter Facebook data policy and LinkedIn privacy policy.


The Company implements security measures appropriate to the sensitivity of the Personal Data in order to protect it from malicious intrusion, loss, alteration or disclosure to unauthorized third parties.

For the operation of the Application, the exchanges between devices pass entirely through a centralized server.

The Company grants access authorizations to its information system only to those persons who need it to perform their duties and only to the extent necessary.

The Company makes its employees aware of the protection of Personal Data made available to them in the course of their duties and ensures that they comply with the existing rules and the Company’s code of ethics.

The Company conducts audits to verify the proper operational application of these rules.

The Company requires its service providers and/or sub-contractors to comply with its safety principles.


The Company does not retain Personal Data beyond the duration necessary to achieve the purpose of the Processing, while complying with applicable legal and regulatory limits, or another duration taking into account operational constraints such as effective management of the relationship with users and responses to requests from the courts or regulatory authorities on which DONE depends.


Users of the Application, whose Personal Data are collected, have various rights:

Users of the Application are nevertheless informed that the Personal Data collected are, where applicable, necessary for the performance of the service provided by the Company, so that in the event of use of its right to erase the said Data, to oppose or limit the Processing before the end of the contractual relationship, the service cannot be performed.

Users can have access to their data by sending a simple e-mail to: It will soon be possible for users to consult the data stored about them themselves from the application.

Users can also completely delete their account as if they had never logged into the application by sending an email to It will soon be possible for users to view their own stored data from the application.

The Company shall reply to the person who has made use of one of the aforementioned rights within one week of receipt of the request, it being specified that this does not necessarily mean that the request will be fully addressed within this period.

Eventually, the deletion and recovery of the data will be done by the user directly himself.

In the event that the controller refuses to comply with the data subject’s request for information, the controller shall specify the reasons for such refusal.

The user has the possibility to lodge a complaint with the French Data Protection Authority or the supervisory authority of the European Union Member State in which he/she resides and to lodge a legal appeal.

For the purposes of this article, the term “controller” means the Company.


Any person may request a right of access from the controller if Personal Data relating to him/her are being processed. If so, the data Subject may obtain a copy of the personal data being processed and the following information:


Any person whose Personal Data is the Subject of Processing has the right to obtain the rectification of inaccurate Personal Data concerning him/her and that such Data be completed if the purpose of the Processing so requires.


Any person whose Personal Data are processed has the right to obtain from the controller the erasure of such Data in the following cases:

However, the data controller may refuse to delete the Data in the following cases:


Any person whose Personal Data are being processed may ask the controller to limit the Processing in the following cases:

Should the restriction subsequently be lifted, the controller shall inform the data Subject in advance.


Any person whose Personal Data are processed may request the controller to communicate such Data to him or her or to transmit them to another controller in the following cases:


Any person whose Personal Data are being Processed has the right to object to such Processing under the following conditions:


The Company has appropriate physical, electronic and administrative security devices designed to protect personal information obtained from data Subjects, customers and prospects in accordance with this Charter. Despite reasonable efforts to protect such information, no transmission over the Internet is completely secure and the Company cannot guarantee the confidentiality of Data transmitted to it via the Internet.

The Company takes measures to limit intrusive actions of third parties (spam, etc.) and provides information on electronic attacks (phishing, viruses, data abduction, etc.).

The DONE application may contain hyperlinks to other third-party websites or third-party online spaces for the convenience and information of the persons concerned. These linked third-party websites may be operated by unaffiliated entities and may have their own privacy policies or notices. Accordingly, the Company advises individuals to review the privacy policies on these third-party websites to understand how they may collect and use Personal Information. The Company is not responsible for the content or the privacy practices of third-party websites that the Company does not control.

The DONE application may also include features designed to allow individuals to initiate interactions with third party websites or third-party services, including third party social networks. When using third party websites, third party services or third-party social networks, the Company invites data Subjects to consult their privacy and personal data protection policies.



Done web application ( does not use cookies directly, but does rely on two third party providers who require the use of cookies:


Cookies are used in order to provide the owners of the web pages visited with information about the marked Javascript sites visited by the users. These cookies (HTTP cookies) are used in order to remember the user’s activities on the website. More information on the use of cookies by Google Analytics (including how long they last) is available here:


In the case of Zendesk and in particular the chat widget and Web SDK, several cookies are used. The _zlcmid cookie retains the store visitor’s ID for widget authentication and the __zlcprivacy cookie retains the store visitor’s decision on the Cookie Law Javascript API.

More information on the use of Zendesk Chat cookies (including how long they last) is available here:


Done corporate website ( relies on multiple third party providers mainly to track how ads we conduct are performing, and to capture and aggregate statistics on the use.


Our corporate website uses Hotjar ( in order to better understand our users’ needs and to optimize this service and experience.

Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website.

Hotjar stores this information on our behalf in a pseudonymized user profile.

Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘About Hotjar’ section of Hotjar’s support site.

For detailed description about Hotjar cookies, please refer to Hotjar script cookies section.


Our corporate website uses “Facebook Pixel” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website. This allows user behavior to be tracked after they have been redirected to our corporate website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes.

The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy.

You can allow Facebook and its partners to place ads on and off Facebook.

A cookie may also be stored on your computer for these purposes. The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR.

You can object to the collection of your data by Facebook Pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address:

Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (


Our corporate website uses “LinkedIn Insight Tag” ( to track conversions, retarget website visitors, and unlock additional insights about members interacting with our LinkedIn adverts.

The LinkedIn Insight Tag enables the collection of metadata such as IP address information, timestamp, and events such as page views.

You can object to the collection of your data by LinkedIn Insight Tag on your LinkedIn settings page.

We recommend you read their Cookie Policy for more information.


Our corporate website uses Google Ads conversion tracking pixel to track conversions, retarget website visitors, and unlock additional insights about members interacting with our Google Ads.

You can object to the collection of your data by Google Ads on your Google Ads settings page.

We recommend you read their Cookie Policy for more information.


The Company may be required to amend this Charter at any time, in particular as a result of:

In the interest of transparency, the Company invites the persons concerned to consult this page as often as they wish to take note of any changes.